Old-school coder living in a 2.0 development world.

Menu

Category Archives: Rants

(this is a rhetorical post to Code Hard or Go Home, ’cause the amount of bullshit in the post is so much that you can call it almost a “cesspool post” instead of “blog post”)

There is one thing I really don’t like: Percentages, because it’s so easy to mess with the information in a single message. If one product suddenly jumped from 10 users to 20, you can clearly say that it “had a 100% grow!” and call it “the fastest growing” product in its niche. Sure, the other brand with 100.000 users will have a hard way to debunk that, as the message is, for all cases, right.

The other is graphs. Because they show, in a nice way, number without reveling what they mean.

But let’s break this to show how much bullshit there is in that so you can tell this guy to join Atwood and Jeremy Khan and move to farm and stop spreading misinformation as fact.

The first thing wrong, right out of the bat, is how he portraits Open Source communities[1]. You can pick any other open source project, Python, GNOME, KDE — you know, the ones that basically wrote the story on how to open source projects — and see that, way above every project, there is a leadership (Python have Guide, GNOME have the GNOME foundation and KDE have the KDE foundation). Dunno about Guido, but the people in the GNOME foundation, which drives the force behind GNOME, organize, divide resources, help developers with timelines and give some ideas on how to proceed in the next version but they barely do any changes (those are left to the developers themselves). And they still manage and “own” the project.

(I know, for a fact, that Guido reviews a lot of PEPs and give opinions about those, but I’m not quite sure how much “changes” he does in the Python interpreter these days, so I’ll keep that out of the discussion for awhile. And feel free to correct me here.)

The second wrong thing are the graphs, with wild claims about what they mean. I’ll prove this by reading the graphs in a complete opposite way: If you look at the second graph, you can see that Google have a huge turn-around of developers, while the number of people working on WebKit at Apple is almost steadily. This means that the Apple team probably knows the code a lot better than the Google team.

Stopping here for a second just to say that I, too, can be completely wrong: Apple could have a constant turn-around of developers, keeping the number of those almost the same during all the time while Google may have a core of developers who drive the most of the “Android Green”[2] team. Just saying that to point that, absolutely, this guy needs to learn how to read graphs, ’cause those just tell about numbers and not what those mean.

Now, back to the first graph (which blends with the paragraph just above it): Google had more commits. This means they contributed a lot more, right? Well, if that’s the fact and Google really “contributed” to the project, why the WebKit devs claiming they can finally get rid of code that is specific to Chrome? This may actually mean another thing: Google was already fucking with WebKit to do what they want instead of play ball with all the other developers. In that case, the WebKit developers are more into “open source” philosophy than Google, ’cause they accepted things they wouldn’t need just to keep the ball rolling.

And stopping again to prove the point that that’s what I’m reading and distorting to prove my point that Google is the bad guy in this instead of going after the facts. It could really be that Google, while adding new features, had to open space for its own extensions. But I could also point that, just a few paragraphs later, John points that Google didn’t play ball with the open source community when they decided to not to contribute the multi-process architecture back to WebKit. So I can, once again, point that Google never really did embraced the open source nature of WebKit and was, all the time, just fucking it up.

“But I look at those graphs and wonder.”, he says. Well, yes, I look at those graphs and wonder: Do you have any idea of what you’re talking about?

And then there is the anecdote of Safari crashing more than Chrome. Well, fun fact: I thought ArenaNet botched a patch and was constantly sending reports and was almost furious that they never fixed. Then the NVidia settings panel crashed and I realized it was my system that was botched, not the game. I can also add that, along with Safari, in this year Pwn2Own, Chrome was the first browser to fell (with a bug that they don’t to tell anyone and sell to be exploited around); Firefox fell only on the third day. So yeah, I can claim that while John keeps pointing that Chrome is super-duper secure, Firefox is light years ahead ’cause it took longer to crack and, then, this whole debacle is pointless and Firefox clearly won.

But, then again, I’d be doing slight distortion of facts just to prove my point. Exactly how John did with his whole post[3].

But why do I mention the story of my botched system? Because your Safari crashing more than your Chrome means absolutely nothing. It could be a gazillion different things that prove absolutely nothing. The guy could be running Safari with extensions (yes, they exist) and Chrome with absolutely nothing and the extension is preventing Safari from running flawlessly and the pages stop responding to protect the browser itself. It’s like people that claimed Firefox was slow and bloated compared to Chrome, when they had a pristine copy of Chrome while their Firefox had more than a dozen extensions.

And I can cite again, using John words, that if Google was really into open source, they wouldn’t refuse to contribute to the multi-process architecture and Safari could have better protection. But hey, they didn’t and you have to ask what was the point of the claiming that “Google chose to participate in the existing WebKit community” when they clearly didn’t.

You know, for a guy with a blog titled “Hypercritical”, this guy is pretty full of bullshit instead of being critical to his own writing. Maybe it’s a sarcastic title, meaning people that read that are not really critical…

Still edit: And just breaking this paragraph to point that this doesn’t mean your choice of browser is wrong. The fact that Google seems incapable of being a real open source contributor (which is more than just “post commits with code”) doesn’t mean the feature you really like in Chrome is bad and you should feel bad (in Zoidberg voice). It just mean that you don’t need to pick a graph, read it completely wrong just to have some affirmation on your choice.

[1] And I’ll give him credit for at least telling the correct story behind WebKit.

[2] Yes, I saw what you did there. It was not clever, by the way.

[3] And did that with a bunch of links, nonetheless, just to look like a Wikipedia page and give some street cred to the post (including an “already proven” link that actually just goes to the Chrome page without proving a damn thing!)

In January this year, I wrote about why the iPad matters. There, I pointed that a lot of changes would come to the digital world since it appeared.

Recently, the iPad was officially launched in Brazil. Now you don’t need to import it and pay huge taxes for it; you can go to a local shop and buy it, paying the huge taxes for it.

There is only one problem with it: All reviews that people post here about it are translations of American articles, saying how awesome the new iBook Store is, how now you don’t need to carry books around, how you can easily watch your favourite TV series on Hulu and get movies from Netflix, buy the soundtrack of the movie or the new album of your favourite artist on iTunes Store… In short, all the good things about having a slim notebook where you won’t type much.

The problem is: Nothing of this is available here in Brazil. So, in the end, the iPad is nothing but a huge iPod Touch. And when you point that, people get pissed.

I mentioned that on Twitter to someone that posted a translated article from IT World (I think, can’t really remember right now) which mentioned all those good services you can access but are only available in very selected places of the planet. Their answer? “The iPad is an awesome device and people that say it’s a huge iPod never used it or don’t like it ;)” (yes, smiley face and all.)

First of all, I used it already. My aunt have one and I’m still trying to figure out how she uses it. I like the bigger virtual keyboard compared to the iPod Touch, and the huge screen to check websites, but that’s it — exactly what a bigger iPod Touch would do. Second, if you read my original post, yes, I do like the iPad because what it means. So neither points were valid, to start with. But this guy had to defend how awesome the device was, doesn’t he?

That’s when I pointed that a small netbook would do the same, for much less money ’cause, in the end, all you have is internet access to read the local newspaper online. And any device with connectivity would suffice, including a recent iPod Touch (as long as you have a wifi around) or even an iPone 3GS, which would do much more than the iPad for around the same price.

So no, it’s not that I don’t like the iPad or never used it. The problem is the tiny minded people with money that don’t want to share their things with the world and put geological barriers on a bondariless technology. And while those barriers are still up, the iPad would be just a huge iPod Touch on everywhere except the USA.

PS: Just one thing: I used the iTunes Store in Australia and as a digital distribution system, it’s awesome. The problem is that you get crippled versions of most albums instead of the full thing. One example is the soundtrack of “Across the Universe”. I bought it from iTunes Store Australia, only to find a few minutes later that the American version have 5 or 6 tracks more. So the barrier is still there.

It’s not a mystery that I have a problem with Twitter and their API. I never made that a “hidden agenda” of sorts: I always said publicly that they suck, plain and simple. Their API is full of holes, bad bad designs (like returning blocked content to the user and requiring applications to do their filtering) and they insist in aiming for new, stupid features while leaving a lot of bugs behind. Personally, I think their programme manager should be fired and get someone with at least half-brain to lead their development.

But there is one thing that is really annoying me as a user and they never tried to solve: Applications that require write access even when all they want is to read your data to do some calculation. Do they really need write access? No, they don’t. All they want is that access to spam your account without your consent. And don’t even tell you what they want to write on it.

Take, for example, this application (and I recommend you to not put your account info there). Simply put, it tells you who you’re following that are not following back (and who is following you and you’re not). All good and such but, in the end, it posts, on your timeline, a spam back to the site. In no point, the app told me that and in no point I was able to configure what kind of access I’d give to that app.

Not only they took away the user preferences over their own account, but the authorisation screen is so empty and devoid of information that it doesn’t even say what the application do, much less why it wants read or write permissions.

Unfortunately, I don’t think Twitter will ever fix that. Forcing applications to declare that they require write access to post spam (with any more “friendly” terms) would ruin their “ecosystem” and reduce the number of applications. At the same time, adding a preferences pane to the user account would be “unnecessary” ’cause applications should “behave”.

Twitter, the biggest microblogging tool around, decided to change their policy to applications and it’s making it hard to OSS developers create applications that can be as good as the other applications.

First, let me explain what is the problem they are trying to solve, how they are trying to solve and how this will make the life of OSS developers harder.

How things work today?

Today, applications can use the Basic Auth, which send your username and password to Twitter, which checks and, on success, returns your messages, direct messages, post your update and so on. The flaw in this is that someone could be “listening” to your communication and easily guess your username and password. Or you computer could get hacked, attackers could just retrieve the file with your password. And then, one day, you wake up and see some of your updates saying, for example “Buy viagra” or “I liek cocks”; not good.

Solving the password stolen problem with OAuth

To solve the problem of someone stealing your password, Twitter decided to embrace OAuth for two reasons: First, you store an authorization token on your side and not your password, so if you your computer gets hacked, they still don’t have your password. Second, if one application misbehaves, you can remove its permission to post and you should be all good.

On top of that, for applications that are very very naughty, they can completely revoke your application access. Why? The logic behind it is that spammers don’t really care if their spammy applications are misbehaving, as long as they post spam all the day. It also makes the spammers life harder by forcing them to create accounts manually (which they do already) and applications manually, or a group of fake accounts could suddenly stop working ’cause one single application was revoked.

And where is the problem?

Basically, to avoid someone to listen to your communication and use your authorization token, the application must have an identification and a secret token, which is used to encrypt the authentication token and message signature. So, even if your computer is hacked and their stole your authorization token, they still can’t use it ’cause they don’t have the application secret and, that way, can’t sign the messages as being that application.

So Twitter said to all developers today: “Never share your keys! I”

And here lies the problem for open source developers: We were forced to chose amongst two options:

First, we could follow Twitters idea and not share the application keys with the application itself. For a user to be able to use the application, then, they would have to register they application themselves, with another name. For an experienced user, it may be ok, but for users that simply want to read new messages, going all the way of registering an application, knowing if it is a desktop or a browser app, provide some URL and so on it’s too damn complicated. Most users would simply forget about, and think that their friend’s application, which is closed source, is way better.

Second, we ignore Twitter’s recommendation and distribute our application with our keys. In this case, we can either suffer from someone taking those keys and spamming Twitter, thus revoking the application secret and letting our users without any access till we provide a new secret; greately reducing our users protection ’cause their authorization tokens can be easily exploited in case their computers get hacked; or, simply, Twitter decides that since we are providing our keys publicly, and that’s bad for the ecosystem (because of the two previous maybes) and revokes the application anyway.

In summary: Either we give applications with a terrible user experience or we have to bite the bullet and give our users an application with incredible reduced security for them (or that, one day, will simply stop working even if the community of users around it behaves nicely, just because someone took the keys and abused the system.)

Twitter came with a solution for open source applications that, basically, mimics the application registration thing: The application is marked by them as open source, so we would have access to another URL, which basically registers a new application with your application as template, gets a new application secret and identification, returns to you and then you keep using that from now on. So, in case the secret is hacked, only one application is compromised and only one application is blocked. But that won’t be available on the day they will kill the basic authorization. So there will be a gap where open source applications and their users will be completely vulnerable to attacks.

Personally, I hate this instance from them. With Mitter, I always aimed for a simple application that would be easy to use and secure, whenever possible. Their current position forces me to chose one in favour of the other.

Note: This is a WoW related post. If you don’t like MMOs, games, think Blizzard jumped the shark with the “Wrath of the Lich King” expansion, rage quit the game after a paladin killed you in one cooldown or simply aren’t interested in WoW at all, you can skip this.

Today, reading WoW.Com (which is not run by Blizzard, I must say), I read this article about Prot Paladins outhealing Holy Paladins in PvP. As a protection paladin that does the healing job in PvP, I thought it would be worth the read. But the problem show up right in the first paragraph: The author’s solution is remove the Spell Power plate from the game. Wait, WHAT?

For those that don’t know WoW or don’t know how paladins work, here is a brief explanation:

Paladins can fill the three roles in a group, depending on the abilities (or talents) they chose: A healer paladin would take talents from the “Holy” tree; a tanking paladin would take talents from the “Protection” tree; and a damaging (DPS) paladin would take talents from the “Retribution” tree. Of course, there is always some mixing of talents from different trees (e.g., for PvP, a retribution paladin would pick some talents in the protection tree, to improve his survivability), but most points would go to the proper tree.

Also, there is the difference of gear. Since damage is what retribution paladins are going after, they would chose gear with more “Strength” and “Attack Power”; tanking would go with more “Stamina” and “Defense rating” and some “Strength” and “Agility” (I’ll not dwell on how those two attributes help survivability at this point); healing would go after “Intellect” and “Spell Power” (just to know, the more spell power a healing paladin have, the more powerful their healing abilities will be.)

At it’s core, the paladin is a caster. This means that most of it’s abilities are not normal attacks, but magic spells and since everything paladin related is magic, the “Spell Power” can help the class a lot. As the holy paladin is the only one that have gear with “spell power”, talents exist in the other trees to help them: The retribution tree have a talent called Sheath of Light, which increases the “spell power” based on “attack power” (which makes sense, since the retribution paladin would go after “attack power”), holy paladins have Holy Guidance, which increases the “spell power” based on total “intelect” (which helps them to have better heals) and the protection tree have Touched by the Light, which increases the “spell power” based on the total “stamina” (again, makes sense since “stamina” is the base survivability stat tanks go after.) Those talents help retribution paladins to make more damage, the holy paladins to have better healing and the protection to keep the enemy they should prevent running around and killing everyone else attacking just them.

Now that we put the basics down, comes the part that “don’t read”: The Blizzard forums point the problem of Protection Paladins using Holy Paladins PvP (Player versus Player) gear. The author’s solution is to remove the “spell power” plate from the game since holy paladins are the only class that have a use for it. First of all, removing won’t solve a thing, since PvP gear is “bought” with honor and, thus, doesn’t affect any other class. Every class is capable of getting honor no matter what (some may have some difficulties, but it’s not impossible.) But he seems to confuse the PvE part of the game with the PvP part. In a PvE (player versus environment), you go into what it’s called an instance (which is put as a cave, house, cathedral, building), kill some monster till you get to the big monster and, when he’s killed, you get your rewards in the form of new gear. Since holy paladins are the only ones interested in plate with “spell power” (the other plate wearers have no use for it, not even non-paladins) if there isn’t a holy paladin in the group, the gear is lost — it can still be sold, but it’s basically lost ’cause it comes to “it could be some gear that other class could use”. That’s the life of playing a game with random number generators: You can’t just say “I’ll go there and get that gear” ’cause you don’t have any control over the gear that will appear.

And the part that “don’t know how to do math”: As I pointed, holy paladins are interested in gear with “intellect” and “spell power”. But with holy guidance, if maxed to all available points, increases spell power by 20% of the total intellect or 10 intellect increases your spell power in 2. Since your gear also have spell power already, that’s a good trade off.

Stamina, for protection paladins, just turn into health and no other stat. But you may remember that talent that helps Protection paladins to have spell power based on stamina. If you put 3 points in that talent (which is the maximum), you get 30%, which basically makes 10 points in stamina give you 3 more spell power points. Things are starting to look clear, don’t they?

So take a look at this: Let’s take a piece of the PvP gear for holy paladins: the chest. It have 115 stamina, 50 intellect and 98 spell power. For a holy paladin, that means the total spell power of that chest is 118 spell power. For a protection paladin, that means around 132 spell power. And no, you can’t have both talents due the amount of points required to enable those abilities.

Also, just to add insult to the injury, you may notice that there are two “slots”, available for gems. The most powerful intellect gem gives you +20 intellect and the most powerful stamina gem gives you +30 stamina (the gem color is not important, in this case.)

So, removing the spell power plate from the game would help? OF COURSE NOT! If paladins where changed to use mail to have spell power, it would still gave protection paladins more spell power than holy paladins and the overheal would still be there.

The proper solution isn’t so easy, though. Reducing the stamina from the PvP holy gear would damage holy paladins survivability; reducing the spell power from the talent in the protection tree would hurt their ability to keep an enemy attacking everyone in the raid; increasing the Spell Power returned in “Holy Guidance” would make holy paladins in PvE too power to be compared to any other healers.

But there is one insightful comment in the article: Make the amount of spell power increased by stamina based on the total “defense rating”. That stat is only used in PvE by protection paladins and it’s not so helpful in PvP. Since the holy paladins have no use for that, the PvP gear have none and, thus, can be used as base to not hurt protection paladins (since their have large amounts of defense rating anyway) and not overpower holy paladins.

For a while, I’ve been ranting about the new “Star Trek” movie by J.J.Abrams and written by Roberto Orci and Alex Kurtzman. This morning I finally realized why it bothers me and why the line “OMG, boobies in Star Trek?” makes me giggle.

Go on. Go clicky-clicky and try to find the two that doesn’t fit. I’ll wait.

Did you spot the two?

Ok, the answer is: Wesley Crusher and Jake Sisko (although I made it hard for you to noticed why Jake doesn’t belong there.) They are the only teenagers in the whole list of series that were main characters (there we some kids in “Voyager”, but they would appear in only one or two episodes.) All the others look like they are in the late twentys or early thirties (with a few exceptions that look more like they are getting into their fourtys.) And that also includes non-human, ageless forms, like Odo, Data and the Doctor, and the ones with longer lifes, like the Vulcans. Even the youngest crew of all series, the Voyager (they were going into final training before going officially into service when they were transported to the Delta Quadrant) looks like they were in the later twentys.

And that’s why the new Star Trek bothers me. All the actors (with the exception of McCoy) look like they are in their early twentys and in full operational status already. Even in the original series, when the Enterprise goes into its official mission of “explore strange, new worlds, to seek out new life and new civilizations”, Kirk looks like he’s in the late thirties. And now you have a Kirk that looks like he just out of puberty.

Yes, there were boobs in the TOS. But they belonged to mature females, not some out of puberty, hormone full chick.

To me, it looks like the tone of Star Trek changed from “When you get out of your studies and do some real life training, you may be a member of the most important ship of the human race” to “jump into the most important ship of the human race! All you need to do is be able to talk!”. Sign of the times, maybe, when you’re supposed to finish college and be a full experienced whatever-they-call-you-in-the-field. But, still, Star Trek looks a little bit tainted with an “easy way to get there” view.

But, then again, I’m an old trekkie (although I never remember if the proper way is trekker or trekkie…)